Tuesday, 31 December 2013

The success of last year’s predictions (see my blog dated 31
December 2012) has inspired me to try again. While a few were wide of the mark, others were
spot on. Can my predictions be as reliable in 2014? Only time will tell.

January

BBC choirmaster and broadcaster Gareth Malone OBE contacts the ICO chorus to ask if it is
interested in TV special, and a concert supporting Susan Boyle during the
Malaysian leg of her 2014 world tour. Information Commissioner Graham accepts
the offer, realising it’s the only way he’ll get the funds to travel to the
International Data Protection Commissioners Conference in Mauritius in 2014.

February

Emergency budget restrictions implemented at the ICO cause
BT to cut off all telephone and internet lines to the ICO’s offices in Wilmslow due to non-payment
of phone and internet bills. Problem noticed and resolved within 18 working days.

March

Roof falls in at the ICO’s annual conference in Manchester
after thunderous applause greets a short speech from Information Commissioner
Graham explaining what he really thinks of the soon-to-depart European Commissioner
Vivien Reding.

April

Deputy Information Commissioner David Smith announces that, as annual staff turnover is now
at a record 45%, to provide continuity of data protection guidance, he will
commit himself to remaining with the ICO until his 94th
birthday.

May

Commissioner Graham summoned to the House of Commons Home
Affairs Committee to explain why the roof of the Manchester Convention Centre
fell in while he was speaking last March. ICO ordered to pay the cost of the
repairs. ICO announces that it will do
so by cutting the number of enforcement staff employed to fine public
authorities for data protection breaches.

June

ICO announces that new budgetary restrictions mean more changes
will be made to the procedure for registering DPA complainants. To ensure that
complainants receive an even more attentive and personal service, complaints themselves
are required to attend the ICO’s offices in Wilmslow, Cardiff, Edinburgh or
Belfast in person to register their complaints. Emails containing complaints or
copies of documents are no longer considered acceptable and will not counted
towards the ICO’s statistics which show how it deals with complaints in a
timely manner.

July

Guardian Newspaper publishes more revelations from Edward
Snowden and the NSA. Information Commissioner Graham has evidently never been
of sufficient interest to the British or US authorities to require the Home
Secretary consider signing a warrant to intercept his private communications.

August

Information Commissioner Graham summoned to the House of Commons Home
Affairs Committee to explain why he was never considered sufficiently important
to require scrutiny from the intelligence services. Commissioner Graham
explains (yet again) that data protection is a bit of a Cinderella subject that
very few people take seriously, which is why hardly anyone has complained when
so much of his 2013 – 15 operating budget has been cut, and why so few national
honours have ever been awarded for services to data protection. Evidence
session brought to a prompt close to provide enough time for the next set of
witnesses, who are to be questioned on the social menace of dog fouling along
Frinton seafront.

September

Grand gala concert for the outgoing European Commissioner
Viviane Reding in the European Parliament celebrates her many triumphs. The
event is interrupted by a section of the audience who roundly boo the ICO
chorus, not because of their vocal abilities, but because they are accompanied
by the UKIP orchestra. Order only restored when Commissioner Graham and Viviane
Reding sing a tender duet together.

October

The incoming European Commissioner whose portfolio will
include Data Protection (some politician from Denmark, Malta or Norway) explains
that the Commission is now keen for the current Data Protection Directive
should be replaced by a slightly revised Directive, rather than a complicated
Regulation, to enable each EU Member State to be as beastly as they want to Apple,
Google, Facebook, Microsoft, Twitter, and Yahoo!.

November

The International Association of Privacy Professionals announces
changes to its daily news feeds. Such is the incessant data protection noise
from all parts of the globe that its daily digest will be replaced with an
hourly digest, bringing details of all those great seminars and webinars that people
can register to attend (and for such reasonable fees). Monthly IAPP conferences
are announced in every continent, causing many other data protection conference
organisations to cease trading. The European
Commission criticises the IAAP’s international privacy certification scheme,
arguing that it is not sufficiently focussed on local privacy rules.

December

A lucky data protection oik receives a letter from the Lord
Chamberlain’s Department, explaining that if they’re everso good then HM Queen
might be minded to award them a gong in recognition of their services to data protection.
Said oik is then asked, if the award is forthcoming, whether they might kindly
reconsider their previous announcement to retire from the ICO
on their 94th birthday.

Saturday, 21 December 2013

This is the penultimate blog of the
year. The final blog, to be published on New Year's Eve, will look forward to
what may be the most significant developments of 2014.

For me, my perspective on personal data continues to change.
As an independent consultant, I continue to take an evenly balanced view on the
needs of the data controller and the individual.But, I’m also becoming quite aware of which sectors
of the economy “get” data protection, and which sectors become ever harder to
convince that this personal data malarkey (or the threat of regulatory action
from the regulators in Wilmslow) actually means very much.

The focus from Wilmslow, of budgets being tightened, and
more and more being required for less and less will, I fear, end up with even
the ICO’s supporters querying how it can begin to achieve its statutory objectives
with the income it has been granted.

Perhaps someone will devote some time next year to
disentangling some of the parts of the ICO’s job description. What can be done
more properly by an Information Ombudsman (Like, say, the Financial Services
Ombudsman)? Ombudsmen tend to deal with specific complaints, and they don’t
tend to have the time to see whether structural changes or reforms are required
across industries. A newly constituted Information Commissioner could easily lose
(or dispense with) his complaints and enforcement arms. This might leave the
ICO with tasks that are more strategic and can be dealt with by a Commissioner with
the size of staff that most British Commissioners have. [The Surveillance Commissioner,
the Surveillance Camera Commissioner, the Interception of Communications Commissioner,
the Forensic Services Commissioner, the Children’s Commissioner – even local Police
& Crime Commissioners together don’t have the resources the ICO has]

Perhaps someone will devote some time next year to working
out what training needs data protection officers require, and how these can
best be delivered. Or will everyone just sit back and wait for the IAPP’s certification
programmes to wash over the world? And allow the British Computer Society’s
data protection ISEB exam to fade away because it’s actually pretty hard to
pass?

And, perhaps, a few more companies outside the financial
services sector will realise that this data protection malarkey is quite
important, and that responsibility to addressing the relevant issues had better
not be devolved too far down the management chain.

But none of these will feature in my 2014 predictions list.
No, that list is far more fanciful.

Thanks for reading this blog during 2013 – and for your very
helpful comments during the year.

Tuesday, 17 December 2013

Well, who else could it have been? The Crouch End Chapter of the
Institute for Data Protection was faced with an overwhelming case to declare America’s
National Security Agency to be its Data Protection Villain of the Year.

What other institution has done more to make people
appreciate the potential potholes of large data capture programmes? Has any
other institution so quickly united global regulators in
fury/impotence/admiration of what they have been alleged to have got up to?

Is there any other institution that has found it so hard to
explain to citizens journalists just what data processing is necessary
for the purposes of safeguarding national security? To all intents and
purposes, it has evidently not yet won the argument. While vast swathes of the
population admittedly do not care less, one vocal section of the community has
become very engaged in what they see as a fundamental betrayal of their human rights.
They’ve very angry, and are applying all the levers the American Constitution
can offer.

Is there any other institution that has failed so
spectacularly to keep data secret? If we ever needed evidence that data “in the
wrong hands” is a toxic liability, then here it is.

Finally, is there any other institution that has caused the
national intelligence agencies of other countries to fear that the public may soon
focus on what those intelligence agencies might also have been getting up to? Or caused the cloud computing providers of America to fear that their global
expansion plans have really hit the buffers?

I rest my case.

The award will take the form of a chant, to be sung softly,
by candlelight, by the ICO chorus at the beginning of next week’s data protection
carol service in Wilmslow. I understand that the chorus is still working on the
tune, but the words will be:

Make us atone for causing data mayhem

Make us feel the wrath of Commissioner Graham

We’re no saint – we are truly a sinner

Pack us off to bed without any dinner

Punish us in ways that are most effectiveBeat us on the bottom with the Data Directive

Fine us till our bank balance is zeroCummon, do it, be a regulatory hero

Show the rest who is the bestAt hurting those who’ve just confessed

Make us squeal- we ain’t no foolsWe deliberately broke them data rules

Now tell us - what on earth can you doTo stop us from breaking them rules anew?

Your punishments are so petty and frugalYou don’t scare us – we’re so much greater than Google

Saturday, 14 December 2013

Last night’s meeting of the Crouch End Chapter of the
Institute for Data Protection focused on one main issue – that of nominating
its Data Protection Hero of the Year. The winner was unanimously declared to be
John Bowman of the Ministry of Justice. Why? In honour of his outstanding
service to the country as lead negotiator, overseeing UK negotiations on the
European Commission’s data protection proposals.

John was appointedHead of EU and International Data
Protection Policy at the MoJ in November 2011. He had completed a review of
Claims Management Regulation, and previously led MoJ’s engagement with Muslim
communities on raising awareness of domestic and matrimonial law.He also headed the UK delegation to the 2011
Special Commission on the practical application of the Hague Conventions on
international child abduction. So he is well versed in addressing the needs of
a diverse range of stakeholders.

John’s award will (hopefully) take the form of an anthem of
praise, sung to him by the ICO chorus. The date and venue of this remarkable
presentation has not yet been determined, but with luck it will be captured on
You Tube. The ICO chorus is still working on the tune. The words of the
anthem, however, are likely to be:

Let us praise

Above them all

Our man from the MoJ

Who still walks tall

He’s a star

He's going far

What devotion

Midst this commotion

Many months, nay years

Of sweat and tears

So much time and so much travel

(Will this bloody Reg unravel?)

John’s our saviour

Wants good behaviour

At a cost all can afford

He’s pragmatic

Not dogmatic

Consensus not discord

There is no one

Like John Bowman

In the DP world today

He’s the master

And thinks faster

Knows what the Minister will say

What class

Nerves of brass

Overcomes any impasse

Good suits, great ties

Well judged replies

No flashy showman

All hail - John Bowman!

Afternote:

The Crouch End Chapter also awarded its Data Protection Villain of
the Year prize last night. Details of that recipient will be announced in
due course.

Thursday, 12 December 2013

Have you ever had a
paranormal experience? En route to Tuesday’s meeting of the Data Protection
Forum, I encountered a scene where all my senses told me that I was in the
presence of pure evil. I stood, transfixed to the spot, while what I can only
describe as the spirit of the devil passed by.

I’m not making this
up. It was 9.15am, and I was walking along a busyBlackfriars, some 50 yards
from the Old Bailey. I heard the sound of police sirens. Four police vehicles helped
two prison vans ignore the usual traffic restrictions and make speedy progress
past me. Then, in a well rehearsed manoeuvre, the police vehicles blocked the
roads, another dozen policemen appeared as if out of nowhere, automatic weapons
were on full display, and the unseen occupants of the vans were driven more
slowly into the body of the court building itself.

The police were on
maximum alert, as if expecting an armed ambush at any moment.

Everyone was told to
stay just where they were. And we waited, for a few minutes, as the vans
disappeared into the Old Bailey. Silence. No-one spoke. And no-one objected to
the momentary intrusion on their right to walk along the Queen’s highway. Many
of us sensed who was in the vans, and that was enough to convince us that we
should stay where we were for the time being. It was quite unsettling.

Then, without a word
but with a series of gestures, the police melted away, and we were free to walk
once again along the pavement.

I had not seen such a
heavily armed (and impressive) police escort for a long time. But then again I
had never before been in the presence of the two people who were being tried
for the murder of soldier Lee Rigby.

Was it necessary for
the state to put on such a mighty (and theatrical) show of force?

I’m not sure, but it
certainly did the trick for me.

I didn’t mind
momentarily giving up my human rights to walk wherever I wanted, to ensure that
the accused pair could be safely delivered into the body of the court.

Just as I believe that
many people don’t mind giving up their human rights to have their
communications retained for a short time, in case it becomes necessary for a
British investigator to seek legal powers to access them in the event that they
get caught up in some terrorist plot.

Readers who are interested in such stuff might want to know
that David Anderson QC, the Government’s Independent Reviewer of Terrorism,
will be speaking at the Institute of Advanced Legal Studies on 24 February on “Scrutiny
of terrorism laws: searchlight or veil?” In light of what we now understand the
NSA to have got up to, it promises to be a really interesting session.

Image credit:

This is the scene, as
captured by the great photographer Terry Scott, when the accused pair Michael
Adebolajo and Michael Adebowale arrived at the Old Bailey the previous week, on
2 December.

About Me

I'm Martin Hoskins, and I started this blog to offer somewhat of an irreverent approach to data protection issues. As time has passed, the tone of my posts have become more serious.
I'm not a "high priest" of data protection. I focus on the principles of transparency, fairness, practicality, risk-assessment and pragmatism when dealing with issues, rather than applying every aspect of every data protection rule.
While I may occasionally appear to criticise various organisations with which I am or have been associated, I write here in an entirely personal capacity, so these comments should never be taken to represent anyone else's views on what I write about.
I occasionally tweet as @DataProtector.
You can contact me at:
info@martinhoskins.com.